# typescript
a
Hello folks, I am using `new awsx.ec2.Vpc` to create a VPC for my application and I need to get the security group ID which Pulumi Crosswalk automatically creates so that I can attach the security group to my RDS instance. What is the right way to fetch the auto-created security group details in Pulumi? Do I have to explicitly create the security group on my own to do this?
l
Which security group are you looking for? I wasn't aware that AWSX created one. It creates an IG, subnets, one route table with routes per subnet, and one NAT per private subnet. That's all, I think?
AWS creates a default security group for a VPC. That's not Pulumi code though, AWS does that internally.
You can get that from a VPC via its defaultSecurityGroupId property. Like this:
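```typescript
// Look up the existing default security group by ID (read-only reference).
// aws.ec2.getSecurityGroup takes an args object, so the static get is used here.
const defaultSg = aws.ec2.SecurityGroup.get("default", vpc.vpc.defaultSecurityGroupId);
```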
Be aware that managing this from Pulumi code isn't feasible, since you'd need to dynamically import it once and then never import it again. That pretty much requires manually editing the code. I recommend defining your own security group and ignoring the default one.
a
Hi @little-cartoon-10569, thanks for your input. I am creating a VPC with AWSX and then a Fargate cluster and an RDS. It looks like a security group with a description of `Managed by Pulumi` is automatically created and assigned to the Fargate Service by Pulumi. I need to assign the same security group to the RDS so that the Fargate cluster can access the database. That is the reason I want to programmatically pull the security group details. And I do see the `default` security group that you mentioned. But in this case the Fargate cluster is auto-assigned to the security group which is `Managed by Pulumi`. Maybe the best option is to create the security group on my own. Since I am quite new to this I was trying to avoid that.
l
> automatically created and assigned to the Fargate Service by Pulumi. I need to assign the same security group to the RDS so that the Fargate cluster can access the database

That doesn't sound right. An SG can't automatically access things from other resources with the same SG. Are you sure you don't need to create a new SG that permits access from this automatically-created SG?